Linux Kernel Media Component Vulnerability Affecting Vivid Driver
CVE-2025-38226

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 July 2025

What is CVE-2025-38226?

A vulnerability in the Linux kernel's vivid media driver allows for a vmalloc-out-of-bounds condition. The issue arises during memory operations in the v4l2-tpg-core.c file, specifically when the composition size exceeds expected limits. This flaw can lead to unexpected behaviors and potential system instability. Proper validation checks are necessary to ensure that the composition size does not exceed the fmt_cap_rect size, which could trigger further memory-related issues.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 54f259906039dbfe46c550011409fa16f72370f6 < 57597d8db5bbda618ba2145b7e8a7e6f01b6a27e

Linux f9d19f3a044ca651b0be52a4bf951ffe74259b9f < 635cea4f44c1ddae208666772c164eab5a6bce39

Linux ab54081a2843aefb837812fac5488cc8f1696142 < 89b5ab822bf69867c3951dd0eb34b0314c38966b

References

https://git.kernel.org/stable/c/57597d8db5bbda618ba2145b7...
https://git.kernel.org/stable/c/635cea4f44c1ddae208666772...
https://git.kernel.org/stable/c/89b5ab822bf69867c3951dd0e...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.